<?php
/**
*
* @package phpBB3
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

/**
*/

/**
* @ignore
*/
 
// Entry-point bootstrap for this request handler.
// IN_PHPBB is defined before the includes; presumably the included files test it
// to refuse direct access - confirm in common / sv_common.
define('IN_PHPBB', true);
// Use PHPBB_ROOT_PATH when the embedding environment defines it, else the current directory.
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
// The extension of this file (the text after the last '.') is reused for the includes.
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'sv_common.' . $phpEx);

// Basic parameter data
// 'mode' selects which of the handlers below runs. Every handler reads its
// arguments straight from the request.
// NOTE(review): no session start, login check or permission check is visible in
// this file; confirm whether the included files enforce one before any mode that
// writes to the database is reachable.
$mode		= request_var('mode', '');

if ($mode == 'corp_name')
{
	// Responds with 'company name' + one space + 'referred stock price', or with an
	// empty body when the referred price is 0.
	// NOTE(review): corp_id is SQL-escaped here and then handed to two helpers that
	// are not visible in this file; confirm they neither escape it a second time nor
	// use it outside a quoted SQL literal.
	$corp_id = $db->sql_escape(request_var('corp_id', ''));
	$refered_price = get_refered_price($corp_id);

	// The name lookup only happens when there is a non-zero price to report.
	// NOTE(review): the name is echoed as stored; confirm the client inserts the
	// response as text, not as markup.
	echo ($refered_price == 0.0) ? '' : (get_corp_chinese_name($corp_id) . ' ' . $refered_price);
}
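if ($mode == 'username_exist')
{
	// Responds with 1 when a row in the users table has exactly this username,
	// otherwise with 0.
	// NOTE(review): this tells any caller whether a username is registered; no
	// login check or rate limit is visible in this file - confirm that account
	// enumeration through this mode is acceptable.
	$username = request_var('username', '');

	// The value goes into a single-quoted literal. The previous double-quoted
	// literal depended on sql_escape() also neutralising '"', which database
	// layers that only double single quotes do not do, and a double-quoted token
	// is an identifier rather than a string under ANSI quoting rules.
	$sql = 'SELECT username FROM ' . USERS_TABLE . " WHERE username = '" . $db->sql_escape($username) . "'";
	$result = $db->sql_query_limit($sql, 1);
	$exists = ($db->sql_fetchrow($result)) ? 1 : 0;
	// Release the result set instead of leaving it open until the script ends.
	$db->sql_freeresult($result);

	echo $exists;
}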
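if ($mode == 'email_exist')
{
	// Responds with 1 when a row in the users table has exactly this e-mail
	// address, otherwise with 0.
	// NOTE(review): this tells any caller whether an address is registered; no
	// login check or rate limit is visible in this file - confirm that account
	// enumeration through this mode is acceptable.
	$email = request_var('email', '');

	// The value goes into a single-quoted literal. The previous double-quoted
	// literal depended on sql_escape() also neutralising '"', which database
	// layers that only double single quotes do not do, and a double-quoted token
	// is an identifier rather than a string under ANSI quoting rules.
	$sql = 'SELECT user_email FROM ' . USERS_TABLE . " WHERE user_email = '" . $db->sql_escape($email) . "'";
	$result = $db->sql_query_limit($sql, 1);
	$exists = ($db->sql_fetchrow($result)) ? 1 : 0;
	// Release the result set instead of leaving it open until the script ends.
	$db->sql_freeresult($result);

	echo $exists;
}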

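if ($mode == 'vote_a_poll')
{
	// Records one poll vote for (user_id, topic_id, vote_id) when the supplied vote
	// key matches. Responds with 0 both when the key is rejected and after the
	// vote has been processed, as before.
	//
	// NOTE(review): the key is a plain MD5 over the user id and topic id, both of
	// which come from the same request, with no server-side secret mixed in. It
	// therefore does not show that the request comes from that user. Deriving the
	// key with a keyed hash over a server-side secret - at the place where the key
	// is issued and here - and taking user_id from the logged-in session would
	// close that gap; neither can be done from this block alone.
	// NOTE(review): nothing visible here checks whether this user has already
	// voted in the topic.
	$vote_key	= request_var('vote_key', '');
	$user_id	= (int) request_var('user_id', '');
	$topic_id	= (int) request_var('topic_id', '');
	$vote_id	= (int) request_var('vote_id', '');

	// check the vote key.
	// Strict comparison: with '!=' two different numeric-looking strings (for
	// example both of the form '0e' followed by digits) compare as equal numbers.
	// The key is only compared, never placed in SQL, so it is not SQL-escaped.
	$correct_vote_key = md5(' ' . $user_id . 'vote_key' . $topic_id);
	if ($correct_vote_key !== $vote_key)
	{
		echo 0;
		exit(0);
	}

	// update vote option table.
	$sql = 'UPDATE ' . POLL_OPTIONS_TABLE . '
				SET poll_option_total = poll_option_total + 1
				WHERE poll_option_id = ' . $vote_id . '
					AND topic_id = ' . $topic_id;
	$db->sql_query($sql);

	// Only store the vote record when the option really exists in this topic;
	// otherwise a vote row would point at an option that was never counted.
	if ($db->sql_affectedrows())
	{
		$sql_ary = array(
			'topic_id'			=> $topic_id,
			'poll_option_id'	=> $vote_id,
			'vote_user_id'		=> $user_id,
			// The voter's address is not recorded; a single space is stored instead.
			'vote_user_ip'		=> ' ',
		);

		$sql = 'INSERT INTO ' . POLL_VOTES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
		$db->sql_query($sql);
	}

	echo 0;
}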

if ($mode == 'read_news')
{
	// Stores a (user_id, news_id, time) row in sv_read_news_record. INSERT IGNORE
	// lets the database drop the row silently when it collides with an existing key.
	// NOTE(review): user_id is taken from the request, so as far as this file shows
	// a caller can record reads for any user id; confirm whether it should come
	// from the logged-in session instead.
	$read_record = array(
		'user_id'	=> (int) request_var('user_id', ''),
		'news_id'	=> (int) request_var('news_id', ''),
		'time'		=> get_taiwan_time(),
	);

	$db->sql_query('INSERT IGNORE INTO sv_read_news_record ' . $db->sql_build_array('INSERT', $read_record));
}

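if ($mode == 'all_corp_id_name')
{
	// Prints a JSON list of {value, label} entries for every row of sv_corp_info
	// whose "corp_id  chinese_name" text contains the 'term' query parameter
	// (case-sensitive substring match). value is the corp_id, label the combined text.
	//
	// A missing or non-string 'term' is treated as empty rather than raising a
	// notice or passing an array on. The term is used only as a strpos() needle and
	// never reaches SQL, so it is not SQL-escaped: escaping added backslashes and
	// kept terms containing quotes from matching.
	$searchTerm = (isset($_GET['term']) && is_string($_GET['term'])) ? $_GET['term'] : '';

	$all_corp = array();

	// An empty needle is handled differently across PHP versions (warning and no
	// match, or a match on every row); answer with an empty list explicitly.
	if ($searchTerm !== '')
	{
		// Only the two columns that are used are fetched.
		$sql = 'SELECT corp_id, chinese_name FROM sv_corp_info';
		$result = $db->sql_query($sql);
		while ($row = $db->sql_fetchrow($result))
		{
			$label = '' . $row['corp_id'] . '  ' . $row['chinese_name'];

			if (strpos($label, $searchTerm) !== false)
			{
				$all_corp[] = array(
					'value' => $row['corp_id'],
					'label' => $label,
				);
			}
		}
		$db->sql_freeresult($result);
	}

	// NOTE(review): no Content-Type header is set here; confirm the response is
	// not served and rendered as HTML, since labels come from the database as stored.
	print(json_encode($all_corp));
}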

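if ($mode == 'edit_note')
{
	// Updates the note on one holding or short position, identified by
	// (user_id, corp_id). Unknown types and over-long values end the script
	// without output.
	//
	// NOTE(review): user_id comes from the request and no ownership or login check
	// is visible in this file, so as written any caller can overwrite the note of
	// any user; confirm whether the id should come from the logged-in session.
	$type		= request_var('type', '');
	$user_id	= (int) request_var('user_id', '');
	$corp_id	= request_var('corp_id', '');
	$note		= utf8_clean_string(request_var('note', '', true));	// true for UTF-8 string

	// The table name is chosen from a fixed list and never taken from the request.
	if ($type === 'holding')
	{
		$db_name = 'sv_holding_stock';
	}
	else if ($type === 'shorting')
	{
		$db_name = 'sv_short_stock';
	}
	else
	{
		return;
	}

	// Limits are checked on the values themselves, before escaping. Checking the
	// escaped text counted the added backslashes and rejected valid input.
	if (strlen($corp_id) > 6)
	{
		return;
	}
	if (strlen($note) > 255)
	{
		return;
	}

	// Single-quoted literals: sql_escape() is only certain to neutralise the single
	// quote on every database layer, and a double-quoted token is an identifier
	// rather than a string under ANSI quoting rules.
	$sql = 'UPDATE ' . $db_name . "
		SET note = '" . $db->sql_escape($note) . "'
		WHERE user_id = " . $user_id . "
			AND corp_id = '" . $db->sql_escape($corp_id) . "'";
	$db->sql_query($sql);
}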

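if ($mode == 'set_stop_loss_profit')
{
	// Stores the stop-loss and stop-profit values on one holding or short position,
	// identified by (user_id, corp_id). Unknown types and out-of-range values end
	// the script without output.
	//
	// NOTE(review): user_id comes from the request and no ownership or login check
	// is visible in this file, so as written any caller can change the thresholds
	// of any user; confirm whether the id should come from the logged-in session.
	$type			= request_var('type', '');
	$user_id		= (int) request_var('user_id', '');
	$corp_id		= request_var('corp_id', '');
	$stop_loss		= (float) request_var('stop_loss', 0.0);
	$stop_profit	= (float) request_var('stop_profit', 0.0);

	// The table name is chosen from a fixed list and never taken from the request.
	if ($type === 'holding')
	{
		$db_name = 'sv_holding_stock';
	}
	else if ($type === 'shorting')
	{
		$db_name = 'sv_short_stock';
	}
	else
	{
		return;
	}

	// Checked on the raw value, before escaping. The former strlen($note) check was
	// dropped: $note is never assigned in this mode, so it only read an undefined
	// variable.
	if (strlen($corp_id) > 6)
	{
		return;
	}
	// NOTE(review): only upper bounds are enforced; negative values pass. Confirm
	// whether a lower bound of 0 is intended.
	if ($stop_loss > 1 || $stop_profit > 10)
	{
		return;
	}

	// Both thresholds are floats by this point. corp_id goes into a single-quoted
	// literal because sql_escape() is only certain to neutralise the single quote
	// on every database layer.
	$sql = 'UPDATE ' . $db_name . "
		SET stop_loss = $stop_loss, stop_profit = $stop_profit
		WHERE user_id = " . $user_id . "
			AND corp_id = '" . $db->sql_escape($corp_id) . "'";
	$db->sql_query($sql);
}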

?>